
A pliable hybrid architecture for code isolation.


Abstract

The unprecedented growth of computing power and communication bandwidth in the last few decades has driven an explosion in the size and complexity of application software. Specifically, it has spurred an almost universal adoption of modular and extensible software designs, from ordinary PC applications, to operating systems kernels, and even to embedded systems. In many cases, however, the ability to extend software systems has come hand in hand with the need to isolate them from untrusted or potentially faulty extensions.

This dissertation will focus on the important problem of code isolation, where existing techniques vary in many and often interrelated dimensions such as granularity, code complexity, invocation latency, dynamism, isolation strategy, permissible extension functionality, and degree of integration with the operating system kernel. Specifically, the implementation of a particular technique imposes restrictions on the properties of extensions. Examples include proof-based techniques that are only applicable to simple extensions of small granularity, hardware-based isolation techniques that typically incur a measurable invocation latency due to hardware re-configuration overhead, and programming language techniques that impose implementation and compiler restrictions.

The goal of this dissertation is to explore the design space of code isolation techniques, identify characteristics of individual approaches, and then argue for and design a hybrid approach that combines their advantages while avoiding their drawbacks. The contributions of this thesis will be threefold: (1) a taxonomy of metrics and properties relevant to software code isolation techniques, (2) the design and implementation of a novel hybrid architecture for safe kernel extension with pliable characteristics, and (3) an evaluation of the hybrid approach and comparison with homogeneous alternatives.

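Bibliographic details

  • Author

    Ganev, Ivan B.

  • Author affiliation

    Georgia Institute of Technology.

  • Degree-granting institution: Georgia Institute of Technology.
  • Subject: Computer Science.
  • Degree: Ph.D.
  • Year: 2007
  • Pages: 193 p.
  • Total pages: 193
  • Original format: PDF
  • Language of text: eng
  • Chinese Library Classification: Automation technology, computer technology
  • Keywords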
